From ${URL} :
The Stable Channel has been updated to 33.0.1750.152 for Mac and Linux and 33.0.1750.154 for Windows.
Security Fixes and Rewards
Congratulations to VUPEN and an Anonymous submission for winning the Pwn2Own competition.
[$100,000] [352369] Code execution outside sandbox. Credit to VUPEN.
    [352374] High CVE-2014-1713: Use-after-free in Blink bindings
    [352395] High CVE-2014-1714: Windows clipboard vulnerability
[$60,000] [352420] Code execution outside sandbox. Credit to Anonymous.
    [351787] High CVE-2014-1705: Memory corruption in V8
    [352429] High CVE-2014-1715: Directory traversal issue
We’re delighted at the success of Pwn2Own and the ability to study full exploits. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future. We also believe that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on both Pwn2Own submissions in the future.
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Working on the bump.
Please stabilize on amd64 and x86. =www-client/chromium-33.0.1750.152
amd64 stable
x86 stable
Security: please add it to the existing draft or file a new one.
glsa request filed.
CVE-2014-1715 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715): Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.
CVE-2014-1714 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714): The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard.
CVE-2014-1713 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713): Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.
CVE-2014-1705 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705): Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
This issue was resolved and addressed in GLSA 201408-16 at http://security.gentoo.org/glsa/glsa-201408-16.xml by GLSA coordinator Kristian Fiskerstrand (K_F).